Background: Client information is private and confidential. Independent Review Inc. (“IR” or the “Company”) recognizes that clients have a right to have their information protected. IR’s Privacy Protection Policy governs the collection, use and disclosure of personal client information. Specifically, this policy outlines how IR complies with provincial and federal regulations governing client information including the Privacy Act and the Personal Information Protection and Electronics Document Act (PIPEDA). PIPEDA is the privacy legislation of the Canadian federal government in force from January 2004 as amended by the Digital Privacy Act in June 2015. Under PIPEDA, no business may collect, use or disclose personal client information without clearly defining the purpose of such collection, use or disclosure and obtaining informed consent. The collection, use or disclosure is limited to purposes that a reasonable person would consider appropriate in the circumstances. The legislation further regulates the protection, retention and destruction of client information. PIPEDA offers clients the right to access their information upon request and challenge the information that is being retained. The key privacy principles of PIPEDA form the basis of IR’s comprehensive Privacy Protection Policy.

Intended Purpose: Client information is any information that identifies an individual including such items as: an individual’s name, address, age, financial information, social insurance number, personal email address and telephone numbers. Client information may be in paper or electronic form.

IR will collect and retain client information for a number of purposes including to: determine a client’s identity, provide related services to clients, administer client accounts, establish and manage relationships (including conducting client evaluations and assessments), provide client communications and other commercial reasons.

IR will use client information only for the purposes identified at or before the time of collection. IR does not sell or rent client information, under any circumstances.

Consent: All information concerning clients and their accounts are confidential and will not be disclosed to a third party unless the intended purpose is disclosed. Should client information be required for a new purpose, IR will take the necessary steps in order to seek additional consent.

Consent may be expressed in writing, orally or implied directly by the client’s actions. In most cases, consent is obtained via a services agreement or retainers between the client and IR. All client information collected by IR will be kept confidential and shall not be disclosed to any third party, except for the specific reasons expressly identified or if the client has provided express consent.

From time to time, requests for client information may be received from: government agencies; law enforcement agencies; securities commissions; law societies; other self-regulatory organizations (SRO’s); or under a court order. Express consent will not be required if needed for: audit, statistical or record-keeping purposes; a legal reason or request by securities or legal regulatory authorities or SRO; to collect a debt owed by the client; to a legal professional for the purposes of obtaining legal advice; and pursuant to a court order. Should IR be asked to produce confidential information by any such entity, the Company will comply. In some cases, the Company may provide information on its own initiative if there are reasonable grounds to believe crime or a violation of securities regulation is involved.

Consent to use personal information may be withdrawn by a client at any time.

Collection: Client information will only be collected as needed for intended purposes. During the course of providing products or services to a client, IR may collect personal information in several different ways: the website, by telephone, by written correspondence, or by email. The purpose of collection of personal information is for the sole purpose of providing products/services and in order to adequately communicate information.

IR may collect information from site visitors if personal information is provided or contact is requested. Upon deemed acceptance of the terms of use of the website, visitors information may be collected for the purpose of answering inquiries, providing marketing materials, corporate background and inviting guests to access services, upon the client’s request.

Website information may be collected in many forms including by obtaining the domain name of visitors, the email addresses and personal information that is volunteered, dealer information and geographic location. The site may employ a standard technology to collect information about how the site is used for the purposes of improving website design.

Use, Disclosure and Retention: Client information will only be used for the purposes for which it was collected. IR may share client information with authorities for regulatory or tax reporting purposes. Information may also be shared with law society, SROs and legal bodies for reasons previously discussed. Client information may also be shared with external service providers or strategic partners/affiliates (upon verbal consent by the client).

Client information will only be retained for as long as needed in order to satisfy the stated purposes at the time of collection. When the information is no longer required necessary measures will be taken to destroy, dispose of, or delete the information.

Accuracy: It is important for IR to keep client information accurate in order to provide quality service and minimize the potential for misuse. IR strives to keep client information correct, complete and up-to-date. Clients may be contacted periodically to ensure information is accurate on file. Clients are requested to advise IR of any changes to client information, as IR is not liable for errors that cannot be corrected without client input. Should an inaccuracy be found, IR will act efficiently to correct it at no cost to the client.

Safeguards: Security measures include passwords on networks and systems and restricted access to the office, and records within the office.

Directness: IR makes every effort to explain policies and procedures to clients and explain how client information is managed. IR’s Privacy Protection Policy will be provided upon request by e-mail or phone.

Access: Clients have a right to their personal information. Clients have the right to verify the accuracy and completeness of their personal information, and may request that it be amended. Upon request (in writing) with appropriate supporting documentation confirming identity, clients will be given a copy of their client files.

Under certain circumstances IR may not be able to provide clients with access to specific pieces of information. For example, clients will not be granted access to information containing references to other persons or that has proprietary information confidential to the firm. Also, access will not be provided to information that has been destroyed or is too costly to retrieve.

IR will respond to requests for access in writing within 30 days of receipt.

IR’s Privacy Protection Policy is intended to provide clients with comfort that their personal information is handled with the utmost importance and care. IR is continually balancing clients’ right to privacy with the needs of the business and therefore, welcome any feedback on how privacy protection policies and procedures can be improved.

The Personal Information Protection and Electronic Document Act can be found on the Office of the Privacy Commissioner of Canada website.

Should you have any questions, comments of complaints, please contact